############################## The Special Case of admins.pub ############################## The contents of ``_ are regularly mutated manually by admins. While changes will be propagated by the normal autonomic release machinery to ``_ (symlinked from ``_ for compatibility), depending on the mutations made, it may be advisable to manually release this volume (``group.admins.pub``) to more eagerly push changes to the read-only mountpoint. Many of the files therein are referenced via symlink or explicit configuration on various hosts; see below for the manifest. AFS Volumes Impacted -------------------- Note that ``admins.pub.readonly`` (and ``groups.readonly`` and ``root.ro.readonly`` and ``root.cell.readonly``, which are necessary for the full paths above) are even being served by our "core database" machines, e.g. typhon and friends, so that its contents remain available even in incredibly adverse conditions. Manifest -------- Adminly-things `````````````` ``authorized_keys`` Administrator SSH public keys. See :ref:`admin-hats_ssh`. Externally referenced by symlink and/or cron copy by admin-controlled hosts at ``~localadmin/.ssh`` and/or ``~root/.ssh``. ``k5login`` A list of ``/admin`` principals for kerberized logins to administrative accounts on admin-controlled machines. Externally referenced similarly to ``authorized_keys``. ``forward`` The contents of ``~/.forward`` on administrative accounts on admin-controlled machines. Externally referenced similarly to ``authorized_keys``. ``HOSTS.TXT`` An abortive attempt at a single authoritative file for our DNS and DHCP needs; was more relevant when our configuration mattered to other people. ``homedir.skel`` Skeleton user home directory, used by ``../scripts/new-user``. ``scripts`` Automation of adminly tasks. Mutually referential and often referenced by this documentation. Global Parameters ````````````````` ``kdc.conf`` The Kerberos Key Distribution Center's global, non-secret parameters. See :ref:`krb_config`. Externally referenced by all KDCs via symlink at ``/etc/krb5kdc/kdc.conf``. ``ceph.conf`` Global parameters of the Ceph cluster. See :doc:`../storage/ceph`. Externally referenced by all ceph nodes via symlink at ``/etc/ceph/ceph.conf``. ``CellServDB.server`` AFS ``CellServDB`` file for AFS servers. Not externally referenced (yet?), but should match ``/etc/openafs/server/CellServDB`` on these nodes. ``UserList`` Super-users of the AFS cell. See :ref:`admin-hats_afs`. Externally referenced on all AFS servers via symlink in ``/etc/openafs/server``. ``UserList.annotated`` A comment-ful version of the above. See :ref:`admin-hats_afs`. Published Materials ``````````````````` ``certs/*.crt`` The public components of X.509 certificates issued to us. Available for ease of access, not externally referenced by systems. ``certs/jhu-cert-chain.pem`` The certificate chain from a global CA to our certificates. Externally referenced by name on servers speaking TLS; see for example :doc:`../networks/webserver`. ``notes`` What you are reading now! ``postfix-local-afs.diff`` Patches to postfix to make it build a local.afs program for delivery into AFS. See :ref:`smtp-patch_for_afs`. The paths ``README-BRAVE-NEW-WORLD`` and ``README-BRAVE-NEW-WORLD-GROUPS`` are symlinks into these notes now but are preserved from earlier days.